Skype acknowledges Android vulnerability, user data at risk [video]

The detectives over at Android Police have found an interesting weakness in Skype for Android. The site has discovered that the popular VoIP chat client stores contact details, conversation logs, and a host of other information in a series of unprotected SQLite3 databases. “Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them,” reads the article. “Not only are they accessible, but completely unencrypted.” The vulnerability was initially found in the recently-leaked Skype build for Verizon’s HTC ThunderBolt, but upon further review the current build of the software was also found to have the issue. The article’s author has even provided a proof-of-concept application that can leverage the databases’ weakness. Skype has published an official response saying that the company takes privacy very seriously and is “working quickly to protect users from this vulnerability.” Hit the jump to see a video of the proof-of-concept in action.
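The two conditions the article describes (database files readable by any other app, and stored unencrypted) can be checked for on a copy of an app's data directory. The script below is an added example, not code from Android Police or Skype; the sample file names and modes are constructed for the demo.

```python
import os
import sqlite3
import stat
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of a plaintext SQLite 3 file

def is_plain_sqlite(path):
    """True if the file starts with the unencrypted SQLite 3 header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False

def audit(root):
    """Return sorted (relative path, octal mode) for plaintext SQLite files
    that users other than the owner and group can read or write."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, etc.
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IROTH | stat.S_IWOTH) and is_plain_sqlite(path):
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; file names and modes are made up for the demo."""
    layout = {"contacts.db": 0o666, "private.db": 0o600}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, v TEXT)")
        con.commit()
        con.close()
        os.chmod(path, mode)
    notes = os.path.join(root, "notes.txt")  # world-readable but not a database
    with open(notes, "w") as fh:
        fh.write("not a database\n")
    os.chmod(notes, 0o644)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit(root)

if __name__ == "__main__":
    for rel, mode in demo():
        print(f"{mode} {rel}: plaintext SQLite file accessible to other users")
```

Only the database with the "other" permission bits set is reported; the owner-only database and the non-database file are not.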

umm.. right.. because skype is totally open source, isn’t it? or are you blaming a failure of the skype developers on android?

Joel

Yes I am. Android has no verification process so any malicious or faulty app can be uploaded and accessed by the millions of Android users. That wouldn’t happen on the iPhone. Quality control.

Steve Hillshire

It already has happened to Apple. Get a clue.

Joel

I got a clue, you get one.

Steve Hillshire

@Joel obviously not. You don’t seem to be able to recall when there were iOS apps that were stealing sensitive information? Or do you as the iSheep overlook those things? Get off your high horse and step back down into reality. Or how about that iOS was recently pwned in seconds with its safari web browser? Yes, quality control at its best. Spread your FUD somewhere else or get a clue.

http://twitter.com/NICKVALENTIN0 Nick Valentino

Can anyone help me remember the last time private data was extracted from a BlackBerry?

Bringit

open – just like the backside of PAPINYC last night.

Anonymous

“Bringit” BABYYY™, you ‘Brung iT’… you let your ‘PAPI’ tear ‘iT’ up. I had to widen-up my backside, so I could hit you from the front and back. If I’z a little too ruff with you, it was only cuz I wanted to make sure iPopped that ‘Bringit’ iCherry. Who’s yo’ Daddy???!!

Bringit

Careful, you're going to ruin your keyboard splooging on it daily fantasising about me all day long PAPiNYC. I prefer your momma – she is nice and wide open like you drooiiidd.

Jus

LOL where are all the Android freaks…come on, somehow get RIM involved and deflect this somehow.
Man if this was RIM apple communist and android fanboys would be all over this.
So little comments…LMAO security and this is enterprise ready.

Joel

LOL I noticed literally no fandroids. They are too busy rooting their phones and running ADB commands to remove the skype app that comes pre-installed on a lot of phones.

Steve Hillshire

So a known app has a vulnerability and needs to be fixed. What about the purposeful malicious apps that have made it past the big crApple iron gates? Do I hear the teapots calling the kettles black?? You think nobody remembers when the Appstore had malicious software breaches??

iHypocrits!!!!

Yoyoma

LOL, I know right, where are all the pussy ass RIM haters now?

Anonymous

Now that’s what I call OPEN!

Anonymous

Way to go Google keep up the great work of policing your platform for shit apps. Your users must be stupider than iSheep to trust Google aka The Great Evil Empire.

Bullyboyb

This is not even about open source. This is about how Google makes an operating system and then absolves itself of any responsibilities to the user, manufacturer, developers and anyone involved with android.
Microsoft, Apple and probably RIM actively police their app stores, bringing down the axe on any malicious apps which access data without the user's knowledge.
Android is a mine field for both manufacturers and consumers while Google sits there raking in the ad money.

http://twitter.com/urkle91 Urkle91

Can someone tell me what being “open” really means? Is it the fact that Apple does not like when you go in and fool around with their software? Or deny certain apps?

GooFan2

ANDROID FTW. THIS IS A FEATURE NOT A vulnerability

Anonymous

APPLE GOOD!!!! ANDROID BAD!!!!!

Steve Hillshire

ANDROID GOOD!!!! APPLE BAD!!!!!

Anonymous

STEVE BAD!!!! VERY BAD!!!! U WILL BE BENT OVER A BARREL AND VIOLATED
UP DA POOP CHUTE WITH A PINEAPPLE!!! think about it…. Ya…. U no
likey.

Steve Hillshire

Very good. You are up to 4th grade thinking. You best get off the computer before mom and dad find that you’ve used up your limit of 2 hours today.